import re
-from ..formatting import *
-from ..util import readlog, resolve
-from .. import config
+from logparse.formatting import *
+from logparse.util import readlog, resolve
+from logparse import config
import logging
logger = logging.getLogger(__name__)
logger.debug("Starting sshd section")
section = Section("ssh")
- logger.debug("Searching for matches in {0}".format(config.prefs['logs']['auth']))
- matches = re.findall('.*sshd.*Accepted publickey for .* from .*', readlog(config.prefs['logs']['auth'])) # get all logins
+ logger.debug("Searching for matches in {0}".format(config.prefs.get("logs", "auth")))
+ matches = re.findall('.*sshd.*Accepted publickey for .* from .*', readlog(config.prefs.get("logs", "auth"))) # get all logins
logger.debug("Finished searching for logins")
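Review bot: The pattern on the added `re.findall` line is unanchored and greedy, so any auth-log line containing `sshd` followed anywhere by `Accepted publickey for ... from ...` is counted as a login, even when that text sits inside a field the remote client controls. Because this section reports who logged in, tie the match to the daemon's own message prefix and to non-space tokens, for example `r'.*sshd\[\d+\]: Accepted publickey for \S+ from \S+.*'`, adjusted to the local syslog format. The expression also counts only public-key logins; if leaving out password and keyboard-interactive acceptances is deliberate, say so in a comment such as `# public-key logins only; other auth methods are not reported`. The same pattern appears unchanged in the next hunk.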
- logger.debug("Searching for matches in {0}".format(config.prefs['logs']['auth']))
- authlog = readlog(config.prefs['logs']['auth'])
+ logger.debug("Searching for matches in {0}".format(config.prefs.get("logs", "auth")))
+ authlog = readlog(config.prefs.get("logs", "auth"))
matches = re.findall('.*sshd.*Accepted publickey for .* from .*', authlog) # get all logins
invalid_matches = re.findall(".*sshd.*Invalid user .* from .*", authlog)
user = entry.group(1)
ip = entry.group(2)
- userhost = user + '@' + resolve(ip, fqdn=config.prefs['sshd']['resolve-domains'])
+ userhost = user + '@' + resolve(ip, fqdn=config.prefs.get("sshd", "resolve-domains"))
users.append(userhost)
logger.debug("Parsed list of authorised users")
logger.debug("found " + str(len(matches)) + " ssh logins for user " + users[0])
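Review bot: `fqdn=config.prefs.get("sshd", "resolve-domains")` passes a string where the old dictionary lookup presumably passed a boolean, so a setting of `false` or `no` arrives as a non-empty, truthy string. This assumes `config.prefs` is now a `configparser` object, as the `getint` call elsewhere in this commit suggests. If `resolve` tests the flag for truth, name resolution of addresses taken from the log stays on even when the operator switched it off. Use `config.prefs.getboolean("sshd", "resolve-domains")` instead. How `resolve` handles `fqdn` is outside this hunk, so confirm it against that function.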
auth_data.subtitle += ' ' + auth_data.items[0]
auth_data.orderbyfreq()
- auth_data.truncl(config.prefs['maxlist'])
+ auth_data.truncl(config.prefs.getint("logparse", "maxlist"))
logger.debug("Found " + str(len(matches)) + " ssh logins for users " + str(data))
section.append_data(auth_data)
logger.debug("Found " + str(len(invalid_matches)) + " SSH login attempts for invalid user " + invalid_users[0])
invalid_data.subtitle += ' ' + invalid_data.items[0]
invalid_data.orderbyfreq()
- invalid_data.truncl(config.prefs['maxlist'])
+ invalid_data.truncl(config.prefs.get("logparse", "maxlist"))
logger.debug("Found " + str(len(invalid_matches)) + " SSH login attempts for invalid users " + str(data))
section.append_data(invalid_data)
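Review bot: `invalid_data.truncl(config.prefs.get("logparse", "maxlist"))` hands `truncl` a string, while the matching call for `auth_data` in this commit uses `getint`. Assuming `truncl` slices or compares with the value, the invalid-user list will either raise a `TypeError` or be truncated incorrectly. Change the line to `invalid_data.truncl(config.prefs.getint("logparse", "maxlist"))` so both lists are limited the same way. `truncl` is defined outside this hunk, so its exact behaviour with a string should be confirmed there.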